Security News > 2021 > November

With nearly 50% of organisations with over 2,000 employees still yet to deal with security monitoring and implementation of incident response capabilities, we need to ask ourselves why? It's hard to deploy disparate and multiple complex systems to get true SOAR. It's hard to find the staff to resource both the engineering and the security operations, all bringing with it a high cost and management burden making it difficult for large organisations, let alone smaller organisations, to reach this level of security maturity.

There is often confusion between Cloud Access Security Brokers and SaaS Security Posture Management solutions, as both are designed to address security issues within SaaS applications. When it comes to getting full visibility and control over the organization's SaaS apps, an SSPM solution would be the better choice, as the security team can easily onboard apps and get value in minutes - from the immediate configuration assessment to its ongoing and continuous monitoring.

Whether pursued as a compliance requirement or a business strategy, open banking has ignited financial services firms to focus on APIs and API security. Financial services API security issues 54 of the 55 mobile apps that were reverse engineered contained hardcoded API keys and tokens including usernames and passwords to third-party services.

The confidential computing market is projected to grow at a CAGR of 90%-95% to reach $54 billion in 2026, according to findings from a market study by Everest Group. Confidential computing protects data in use by performing computation in a hardware-based Trusted Execution Environment.

Cybersecurity researchers disclosed details of what they say is the "Largest botnet" observed in the wild in the last six years, infecting over 1.6 million devices primarily located in China, with the goal of launching distributed denial-of-service attacks and inserting advertisements into HTTP websites visited by unsuspecting users. Mainly targeting MIPS-based fiber routers, the botnet leverages a combination of third-party services such as GitHub, peer-to-peer networks, and central command-and-control servers for its bots to controller communications, not to mention completely encrypting the transmission channels to prevent the victimized devices from being taken over.